Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ra101/masquerbot

A TelegramBot for true paranoids.
https://github.com/ra101/masquerbot

apscheduler cryptography ecdsa flask flask-restful flask-sqlalchemy gunicorn hashing heroku pixel-manupulation postgres postgresql pytelegrambotapi python sqlalchemy stegano steganography telegram telegram-bot webhook

Last synced: 3 days ago
JSON representation

A TelegramBot for true paranoids.

Host: GitHub
URL: https://github.com/ra101/masquerbot
Owner: ra101
License: gpl-3.0
Created: 2020-07-11T12:16:25.000Z (over 4 years ago)
Default Branch: core
Last Pushed: 2023-03-07T08:28:06.000Z (almost 2 years ago)
Last Synced: 2023-03-10T01:55:57.315Z (almost 2 years ago)
Topics: apscheduler, cryptography, ecdsa, flask, flask-restful, flask-sqlalchemy, gunicorn, hashing, heroku, pixel-manupulation, postgres, postgresql, pytelegrambotapi, python, sqlalchemy, stegano, steganography, telegram, telegram-bot, webhook
Language: Python
Homepage: https://t.me/MasquerBot
Size: 568 KB
Stars: 6
Watchers: 3
Forks: 6
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

README

MasquerBot

https://t.me/MasquerBot

This `TelegramBot` uses state-of-the-art encryption algorithm *(ECDSA)* and pixel manipulation *(steganography)* to masque any given `` within any given ``.

- _If you truly have a paranoia about security. A VPN is recommended during [/encrypt](#desktop_computer-available-commands) and [/decrypt](#desktop_computer-available-commands)._

- _PNGs are recommended better performance._

**Video Tutorial:** [LRBY](https://lbry.tv/@ra101/MasquerBot) | [YouTube](https://www.youtube.com/watch?v=yH3SVmCZD7Q)

## 💼About

### 📈Workflow

How this works is, everyone is given a public key, that public key is used to lock information, we call it public key as it can be publicly distributed.

So to masque a message both sender and receiver must initiate MasquerBot's Service. Each message is masqued only for receiver, if receiver changes xer key then decryption would be impossible.

### 🖥Available Commands:

- [**/start**](#desktop_computer-available-commands): It starts and calls **/help** and **/get_key**
- [**/lbry**](#desktop_computer-available-commands) or [**/youtube**](#desktop_computer-available-commands): Return a link of video tutorial.
- [**/help**](#desktop_computer-available-commands): Returns the `Workflow` and `Available Commands` .
- [**/get_key**](#desktop_computer-available-commands): Returns your `public key`.
- [**/encrypt**](#desktop_computer-available-commands): Returns the `encoded image`.
- Step 1: Send the `message` to encrypt.
- Step 2: Send the recipient's `public key` **(not yours)**.
- Step 3: Send the `image` **(as document)**.
- [**/decrypt**](#desktop_computer-available-commands): Returns the `hidden text`.
- Step 1: Send the `encoded image` **(as document)**.
- [**/cancel**](#desktop_computer-available-commands): Cancels any ongoing events.
- [**/request_new_key**](#desktop_computer-available-commands): Deletes your account and creates another one. **Beware! Once deleted you cant retrieve any text masqued using previous key.**

### ⚡Features:

- Saves `Hashes` instead of username.
- `unique contraint` prevents duplicacy.
- Message is first `encrypted` then `steganography` is performed.
- `ECDSA` is used. which means less time on computation and powerful encryption.
- `Dynamic URL`: URL changes every `6 hours and 5 minutes`, with `130 char long`, therefore making it impossible to send through any means other than telegram since URL remains unknown to everyone except telegram.
- `Gunicorn` creates multiple workers hence supporting parallel processing.
- Process Management: All process are cancelled before starting a new one. `Triggers` are added to delete any process with timestamp older than 10 minutes.
- Few cool `Easter Eggs` are there as well.

## ⚙Development

### 💾Setup

The following are the bare necessities for this project.

- [Python3](https://www.python.org/downloads/)
- [TelegramBot with its API key](https://core.telegram.org/bots#3-how-do-i-create-a-bot)

Lets start the standard procedure for python project setup.

- Clone the repository

```bash
$ git clone https://github.com/ra101/MasqureBot.git
```

- Create the virtualenv and activate it

```bash
$ cd MasqureBot
$ virtualenv .
$ source ./bin/activate # unix
$ .\Scripts\activate.bat # windows
```

- Install requirements
```bash
$ pip install -r requirements.txt
```

### 💻Run on localhost

To run the project locally download and install

- [ngrok](https://ngrok.com/download)

Following are the steps to run locally

- copy content of .env.template into .env *(one can use [dump-env](https://github.com/sobolevn/dump-env) as well)*

```bash
$ cat .env.template > .env
```

- Fillup the basic info.

```bash
DOMAIN_NAME=

# Flask Variables
# ------------
FLASK_DEBUG=True
FLASK_ENV=development
FLASK_SECRET_KEY=my_precious

# SQLAlchemy Variables
# ------------
DATABASE_URL=
SQLALCHEMY_TRACK_MODIFICATIONS=True

# Telegram Credentials
# ------------
TELEGRAM_BOT_TOKKEN=
```

- For `DOMAIN_NAME`

- run the following command

```bash
$ ngrok http 8000
```

- This will create a local tunnel with address like `https://.ngrok.io` that is your value for domain.

- For `DATABASE_URL`

- If you use SQLite, that create a file and it does not need any other software. `sqlite:///foo.db`

is the value for `DATABASE_URL` is that case.

- For any other SQL the syntax is `dialect+driver://username:password@host:port/database` , here `dialect` refers to SQL. We have used postgreSQL which uses `psycopg2` as default driver which is installed from `requirements.txt`

- Run the application!

```bash
$ make
```

```bash
$ gunicorn wsgi:application -c scheduler.py
```

### ☁Run on Server

Following are the steps to run on server.

- If you can host .env, then the steps are pretty much same as running locally, except for `DOMAIN_NAME` , it will be provided by hosting provider.

- If you can't host .env like in case of `heroku`, then you need to export each variable into hosting providers environment.

## 📃Breakdown of `requirements.txt`

| Dependency | Usage |
| ---------------- | ------------------------------------------------------------ |
| APScheduler | Creates a background scheduler in `scheduler.py` which changes webhook URL in every 6 hours and 5 minutes |
| eciespy | Generates ECDSA key pair and also provides encryption and decryption functionality |
| Flask | Flask is a lightweight [WSGI](https://wsgi.readthedocs.io/) web application framework. |
| Flask-RESTful | Adds support for quickly building REST APIs. |
| Flask-SQLAlchemy | Provides a Object Relation Mapper which is meant to integrate with |
| gunicorn | It is a Python WSGI HTTP server. It is a pre-fork worker model, used to create concurrency for resources. |
| psycopg2-binary | Driver for postgreSQL used by Flask-SQLAlchemy |
| pyTelegramBotAPI | A simple, but extensible Python implementation for the Telegram Bot API. |
| python-dotenv | Reads the key-value pair from `.env` file and adds them to environment variable. |
| stegano | A pure Python Steganography module. |

## 🎁Donations

## 🌟Credit/Acknowledgment

[![Contributors](https://img.shields.io/github/contributors/ra101/MasquerBot?style=for-the-badge)](https://github.com/ra101/MasquerBot/graphs/contributors)

## 📜License

[![License](https://img.shields.io/github/license/ra101/MasquerBot?style=for-the-badge)](https://github.com/ra101/MasquerBot/blob/core/LICENSE)

## 🤙Contact Me

[![Protonmail](https://img.shields.io/badge/Protonmail-Email-ab44fe?style=for-the-badge&logo=protonmail)](mailto://[email protected]) [![Telegram](https://img.shields.io/badge/Telegram-Chat-informational?style=for-the-badge&logo=telegram)](https://telegram.me/ra_101)